Privacy Notice
Altruderm Ltd, a company registered in Scotland (Company Number SC502758) and having our registered office at 4 Royal Crescent, Glasgow, United Kingdom G3 7SL (“We”) are committed to protecting and respecting your privacy. For the purposes of the Data Protection Act 2018, the General Data Protection Regulation (EU Regulation 2016/679) (GDPR) and any subsequent UK legislation enshrining the provisions of the GDPR in UK law (together the Data Protection Legislation) we are the data controller.
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
You may wish to contact us regarding our use of your personal data. Should you wish to do so, please contact our Data Protection Lead: Julie McDaid
Altruderm Clinic
Building 2, Kirkhill House
81 Broom Road East
Newton Mearns
G77 5LL
Email: admin@altruderm.co.uk
Tel: 0141 370 6201
Information we collect from you
Personal Data is defined by the GDPR as “any information relating to an identifiable person who can be directly or indirectly identified in particular reference to another identifier”. In simpler terms, this means any information about you that enables you to be identified.
We will collect and process information about you that you give us verbally in consultation with our healthcare professionals, by filling in new patient registration forms or by corresponding with us or our third party sub-contractors by phone or e-mail. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information. We may also request information relating to your health medical history and genetic data, so called Special Category Data.
How we use the information collected
We use information held about you in the following ways: to provide you with the consultation or treatment services you have requested from us; to learn from and improve our diagnoses and/or our treatment services; to notify you about changes to our service; to process your payment for our services; to notify you when your next consultation or treatment is due and; to send you a reminder message about any upcoming appointment.
We may also wish to send you information about services we feel may interest you because they are similar to services we have provided to you in the past or which you have enquired about. We will not send you any such marketing messages unless we have obtained your express consent to do so.
You will be asked to confirm your marketing preferences;
- When you fill in the Enquiry Form on our website
- When you attend the clinic for your appointment (you will be asked to confirm your marketing preferences each time you attend the clinic)
Basis for collection of the information
The collection and processing by us of personal data about you such as your name, address, e-mail address, phone number, financial and credit card information is lawful on the basis that it is necessary for the performance of our contract with you or to take steps to enter into our contract with you.
The collection and processing by us of information about your health, medical history and genetic data, so-called Special Category Data, (if appropriate) is lawful on the basis that it is necessary for or supports the performance of our contract with you and that contract relates to the provision of health care or treatment or a contract with a health professional.
Disclosure of your information
You agree that we have the right to share your personal data, including your Special Category Data, with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them. If analysis of any Special Category Data is required as part of your treatment, you agree that such data may be shared with our sub-contractors for the purpose of carrying out such analysis. Such data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and may be processed by staff operating outside the EEA who work for us or for one of our sub-contractors. Otherwise, we will only disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or if you expressly authorise us to do so.
In delivering our services, we may share your data with:
- Your GP – unless we are bound to share your data for some reason we will ask your consent to contact your GP
- The Doctors’ Laboratory – who provide us with diagnostic services
- Barco N.V. (Barco Demetra) – who provide us with diagnostic services
- AlumierMD – who provide advice if a patient has an adverse reaction to treatment
- The Aesthetics Complications Expert Group (ACE) – who provide guidance and advice on the diagnosis and management of complications in aesthetic medicine
- Pabau – who run our electronic records management system
- Stripe – who manage our online payment system
- Elavon – who manage our card terminal
- Connect Communications – who manage our telephone call answering service
- Xero – who process our company accounts and customer information
- Russell & Russell – who process company accounts and customer information
- Unilabs – who provide us with diagnostic services
We require that all our third party partners with whom we may share your data will process that data in accordance with the Data Protection Legislation. However, any data that is shared with these third parties shall also be subject to that party’s Data Privacy Policy and you should make yourself aware of the terms of that policy to know how your data is being managed.
We endeavour to only share the minimum amount of your data necessary for the provision of our services.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention period
We hold your personal data for a period of 6 years, after which your data will be deleted or destroyed securely. For more information please contact us.
Your rights
The Data Protection Legislation gives you the right to access the information we hold about you. You are also entitled to have personal data we hold about you changed if it is inaccurate or incomplete and erased where it is no longer necessary for us to hold it for the purposes it was originally collected. You have a right to restrict processing of data we hold about you in certain circumstances and the right to data portability to allow you to obtain and reuse information we hold about you for your own purposes. If you wish to contact us regarding the rectification or erasure of your personal data that we hold, please do so using the contact details set out above.
You are entitled to complain about any breach of your statutory rights to a supervisory authority such as the Information Commissioner’s Office.
Last updated: March 2021